Only run group refresh when the skipGroupRefresh boolean isn't set

for AD and LDAP
2026-01-03 11:45:45 +00:00 · 2022-02-01 08:31:29 -08:00
parent 67085e9dbb
commit fdac4d16f0
34 changed files with 366 additions and 13 deletions
--- a/apis/supervisor/idp/v1alpha1/types_activedirectoryidentityprovider.go.tmpl
+++ b/apis/supervisor/idp/v1alpha1/types_activedirectoryidentityprovider.go.tmpl
@@ -1,4 +1,4 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package v1alpha1
@@ -131,6 +131,11 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
 	// the result of the group search.
 	// +optional
 	Attributes ActiveDirectoryIdentityProviderGroupSearchAttributes `json:"attributes,omitempty"`
+
+	// SkipGroupRefresh skips the group refresh operation that occurs with each refresh
+	// (every 5 minutes). This can be done if group search is very slow or resource intensive for the AD
+	// server.
+	SkipGroupRefresh bool `json:"skipGroupRefresh"`
 }

 // Spec for configuring an ActiveDirectory identity provider.
--- a/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go.tmpl
+++ b/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go.tmpl
@@ -1,4 +1,4 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package v1alpha1
@@ -119,6 +119,11 @@ type LDAPIdentityProviderGroupSearch struct {
 	// the result of the group search.
 	// +optional
 	Attributes LDAPIdentityProviderGroupSearchAttributes `json:"attributes,omitempty"`
+
+	// SkipGroupRefresh skips the group refresh operation that occurs with each refresh
+	// (every 5 minutes). This can be done if group search is very slow or resource intensive for the LDAP
+	// server.
+	SkipGroupRefresh bool `json:"skipGroupRefresh"`
 }

 // Spec for configuring an LDAP identity provider.